The collaborators believe that establishing a basic level of cyber hygiene, through implementing the basic controls, will solve a lot of problems and protect against most low-level threats.

Essential security controls

The Cyber Essentials Scheme provides guidance on:

Secure configuration

Access control

Malware protection

Patch management

Firewalls and internet gateways

The CES identifies five essential security controls that organisations must have in their IT systems to ensure they begin to mitigate risk from internet-based threats (see the list above).

Systems that fall within its scope include internet-connected user devices such as desktop PCs, laptops, tablets and smartphones; and internet-connected systems such as web and application servers.

The launch of the scheme follows successful pilot assessments, managed and reviewed by Crest, the not-for-profit organisation that represents and certifies the technical information security industry.

The CES will also offer a way to win customer confidence and competitive advantage, by certifying the level of an organisation’s compliance with the five controls set out in the guidance.

Developing the assessment framework

Crest worked with CESG, the information security arm of GCHQ, to develop the assessment framework for the CES.

Details of the first security companies accredited by Crest to deliver Cyber Essentials assessment services are available on the organisation’s website.

“Crest has built an assessment framework optimised for the CES that will ensure organisations of all sizes and from all sectors can be properly and independently assessed to have the key technical controls in place to manage cyber risks,” said Ian Glover, president of Crest.

“By displaying the Cyber Essentials 'badge' they demonstrate to customers that they have taken steps to be fundamentally cyber safe,” he said.

Global information assurance firm NCC Group is also among the group of security specialists selected as assessors for the scheme.

Assessments will include remote and on-site tests of businesses’ IT systems, as well as a detailed questionnaire.

Certification for businesses

Companies across the UK can now start the independent assessment process and, if successful, attain the Cyber Essentials certification badge.

“This is the sort of support from government that will make a real difference to UK businesses. By putting standards in place, it gives SMEs an attainable security benchmark, and one which will provide significant protection from a wide range of attacks,” said Rob Cotton, CEO at NCC Group.

“This is not a silver bullet, but getting the fundamentals right is crucial. Cyber Essentials will provide a solid foundation for a cross-section of businesses that have historically struggled with security,” he said.

The scheme follows on from the government’s 2012 publication of its 10 Steps to Cyber Security guide, aimed at encouraging organisations to consider how they manage their cyber risks.

The guide raises the need for company boards and senior executives to take ownership of these risks and enshrine them in their overall corporate risk-management regime.

The government views the adoption of an organisational standard for cyber security as the next stage from the 10 Steps to Cyber Security guidance.

According to the Department for Business, Innovation and Skills (BIS), the government plans to implement the CES throughout the public sector and, in the longer term, embed it in procurement processes.
